Patch for openssh adding option "-Z" so specify source port of connection of both ssh and scp)

zibri_ssh.patch

diff -u openssh-7.6p1/scp.c openssh-7.6p1Z/scp.c
--- openssh-7.6p1/scp.c	2020-01-15 17:20:57.000000000 +0200
+++ openssh-7.6p1Z/scp.c	2020-01-15 17:19:37.699437700 +0200
@@ -153,6 +153,9 @@
 /* This is the program to execute for the secured connection. ("ssh" or -S) */
 char *ssh_program = _PATH_SSH_PROGRAM;
 
+/* This is used to store the source_port specified by -Z */
+char *source_port = NULL;
+
 /* This is used to store the pid of ssh_program */
 pid_t do_cmd_pid = -1;
 
@@ -287,6 +290,10 @@
 			addargs(&args, "-l");
 			addargs(&args, "%s", remuser);
 		}
+                if (source_port != NULL) {
+                        addargs(&args, "-Z");
+                        addargs(&args, "%s", source_port);
+                }
 		addargs(&args, "--");
 		addargs(&args, "%s", host);
 		addargs(&args, "%s", cmd);
@@ -336,6 +343,10 @@
 			addargs(&args, "-l");
 			addargs(&args, "%s", remuser);
 		}
+                if (source_port != NULL) {
+                        addargs(&args, "-Z");
+                        addargs(&args, "%s", source_port);
+                }
 		addargs(&args, "--");
 		addargs(&args, "%s", host);
 		addargs(&args, "%s", cmd);
@@ -412,7 +423,7 @@
 
 	fflag = Tflag = tflag = 0;
 	while ((ch = getopt(argc, argv,
-	    "dfl:prtTvBCc:i:P:q12346S:o:F:")) != -1) {
+	    "dfl:prtTvBCc:i:P:q12346S:Z:o:F:")) != -1) {
 		switch (ch) {
 		/* User-visible flags. */
 		case '1':
@@ -466,6 +477,9 @@
 		case 'S':
 			ssh_program = xstrdup(optarg);
 			break;
+                case 'Z':
+                        source_port = xstrdup(optarg);
+                        break;
 		case 'v':
 			addargs(&args, "-v");
 			addargs(&remote_remote_args, "-v");
@@ -1565,6 +1579,7 @@
 	(void) fprintf(stderr,
 	    "usage: scp [-346BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file]\n"
 	    "           [-l limit] [-o ssh_option] [-P port] [-S program]\n"
+	    "           [-Z source_port]\n"
 	    "           [[user@]host1:]file1 ... [[user@]host2:]file2\n");
 	exit(1);
 }
Only in openssh-7.6p1Z: scp.c.orig
Only in openssh-7.6p1Z: scp.c.rej
diff -u openssh-7.6p1/ssh.c openssh-7.6p1Z/ssh.c
--- openssh-7.6p1/ssh.c	2020-01-15 17:20:57.000000000 +0200
+++ openssh-7.6p1Z/ssh.c	2020-01-15 17:16:07.348847900 +0200
@@ -168,6 +168,9 @@
  */
 char *host;
 
+/* source port specified by -Z */
+char *source_port = NULL;
+
 /* socket address the host resolves to */
 struct sockaddr_storage hostaddr;
 
@@ -203,6 +206,7 @@
 "           [-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec]\n"
 "           [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address]\n"
 "           [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]]\n"
+"           [-Z source_port]\n"
 "           [user@]hostname [command]\n"
 	);
 	exit(255);
@@ -612,7 +616,7 @@
 
  again:
 	while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
-	    "ACD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
+	    "ACD:E:F:GI:J:KL:MNO:PQ:R:S:Z:TVw:W:XYy")) != -1) {
 		switch (opt) {
 		case '1':
 			fatal("SSH protocol v.1 is no longer supported");
@@ -911,9 +915,13 @@
 		case 's':
 			subsystem_flag = 1;
 			break;
-		case 'S':
-			free(options.control_path);
-			options.control_path = xstrdup(optarg);
+                case 'S':
+                        free(options.control_path);
+                        options.control_path = xstrdup(optarg);
+                        break;
+		case 'Z':
+			free(source_port);
+			source_port = xstrdup(optarg);
 			break;
 		case 'b':
 			options.bind_address = optarg;
diff -u openssh-7.6p1/sshconnect.c openssh-7.6p1Z/sshconnect.c
--- openssh-7.6p1/sshconnect.c	2020-01-15 17:20:57.000000000 +0200
+++ openssh-7.6p1Z/sshconnect.c	2020-01-15 17:16:07.369341400 +0200
@@ -78,6 +78,7 @@
 /* import */
 extern Options options;
 extern char *__progname;
+extern char *source_port;
 extern uid_t original_real_uid;
 extern uid_t original_effective_uid;
 
@@ -287,16 +288,16 @@
 	fcntl(sock, F_SETFD, FD_CLOEXEC);
 
 	/* Bind the socket to an alternative local IP address */
-	if (options.bind_address == NULL && !privileged)
+	if (options.bind_address == NULL && !privileged && source_port == NULL)
 		return sock;
 
-	if (options.bind_address) {
+	if (options.bind_address || source_port) {
 		memset(&hints, 0, sizeof(hints));
 		hints.ai_family = ai->ai_family;
 		hints.ai_socktype = ai->ai_socktype;
 		hints.ai_protocol = ai->ai_protocol;
 		hints.ai_flags = AI_PASSIVE;
-		gaierr = getaddrinfo(options.bind_address, NULL, &hints, &res);
+		gaierr = getaddrinfo(options.bind_address, source_port, &hints, &res);
 		if (gaierr) {
 			error("getaddrinfo: %s: %s", options.bind_address,
 			    ssh_gai_strerror(gaierr));

zibri_ssh.patch_readme.txt

How to use:

$ sudo apt install -y build-essential zlib1g-dev libssl1.0-dev libkrb5-dev libpam-dev
$ mkdir openssh; cd openssh
$ apt source openssh
$ cd openssh-*
$ wget https://gist.githubusercontent.com/Zibri/0e01302cf2604b689c32388eaebf347b/raw/zibri_ssh.patch
$ patch -p1 -i zibri_ssh.patch
$ ./configure --with-pam --with-kerberos5 --prefix=/usr
$ make -j6 && sudo rm /usr/share/man/man5/authorized_keys.5 ;sudo make install


Or you can just do:

$ wget -q -O - "https://gist.github.com/Zibri/0e01302cf2604b689c32388eaebf347b/raw/zibri_ssh_patch.install?t=$(date +%s)"|bash

Enjoy!
Zibri

zibri_ssh_patch.install

#!/bin/bash
sudo apt install -y build-essential zlib1g-dev libssl1.0-dev libkrb5-dev libpam-dev
temp=$(mktemp -d 2>/dev/null /dev/shm/ssh.XXX || mktemp -d 2>/dev/null /tmp/ssh.XXX)
opwd=$PWD
cd $temp
apt source openssh
cd openssh-*
wget -q "https://gist.githubusercontent.com/Zibri/0e01302cf2604b689c32388eaebf347b/raw/zibri_ssh.patch?t=$(date +%s)" -O zibri_ssh.patch
patch -p1 -i zibri_ssh.patch
sed -i "s/200\*)/101\*)/" configure
./configure --with-pam --with-kerberos5 --prefix=/usr
make -j8 && sudo rm /usr/share/man/man5/authorized_keys.5;sudo make install;cd $opwd &>/dev/null;rm -rf "$temp"